APT forecasts 2021: Kaspersky experts expect changed attack strategies and new vulnerabilities. In the focus of APT actors: 5G, network applications and multi-level attacks.
Kaspersky experts present their predictions for Advanced Persistent Threats (APT) in 2021. Because of the increased attack surface, targeted attacks will undergo structural and strategic changes. APT actors will probably target network applications, increasingly look for 5G vulnerabilities and carry out multi-stage attacks. However, there is also a bright spot: there will be actions against cybercriminal activities, such as the sale of zero-days.
The annual forecasts are based on knowledge gained by Kaspersky's Global Research and Analysis Team (GReAT) during the current year. The aim is to provide the cybersecurity community with guidance and insights that - along with a series of predictions of future threats in the industrial and technology sectors - will help them be better prepared for the challenges of the next twelve months.
Ransomware attacks using generic malware
Arguably one of the most dangerous trends that Kaspersky researchers anticipate is a change in the way threat actors perform attacks. For example, targeted ransomware attacks have used generic malware to gain a foothold in the targeted networks. Links have been observed between these attacks and well-established underground networks such as Genesis, which typically trade in stolen credentials. Kaspersky experts assume that APT actors will use the same method to compromise their targets. As a result, organizations should pay more attention to generic malware and implement basic incident response measures on compromised computers to prevent generic malware from being used as a vehicle for more sophisticated threats.
Further APT forecasts for 2021
- More countries will release the toolsets of government-sponsored APT groups. Previous Kaspersky predictions about the “naming and shaming” of APT attacks have come true. The disclosure of APT groups' toolsets at the government level will prompt more states to do the same. As a result, actors' activities and developments will be hampered, as their adversaries' existing toolsets can no longer be used to retaliate.
- More companies from Silicon Valley will turn against zero-day brokers. After known cases in which zero-day vulnerabilities in popular espionage apps were exploited for various purposes, more companies from Silicon Valley will probably take a stand against zero-day brokers in order to protect their customers and their reputation.
- Increasingly targeting network applications. With remote working, security has become more important, which is why there will be even more interest in using network appliances such as VPN gateways. It is therefore reasonable to assume that credentials for accessing corporate VPNs via remote employees will be “visited”.
- More complex ransomware attacks. The Kaspersky experts assume that a changed strategy on the part of the ransomware actors will lead to a consolidation of a still diverse but rather narrow ransomware ecosystem. After the success of previous targeted attack strategies, larger ransomware actors will focus their activities more tightly and develop APT-like skills. With the money they extort, the groups can invest significant resources in new advanced toolsets; their budgets are thus comparable to those of some of the state-sponsored APT groups.
- More disruptive attacks through a targeted and orchestrated attack that affects critical infrastructures or leads to collateral damage, as our lives are even more dependent than before on technologies with a much larger attack surface.
- Occurrence of 5G vulnerabilities. With the increasing acceptance of this technology and the dependence of the devices on the connectivity provided, actors will increasingly look for weak points that they can exploit.
- Attackers will continue to exploit the COVID-19 pandemic. Although the virus did not result in any changes in the tactics, techniques and procedures of the threat actors, they will still abuse it as a theme in order to gain access to target systems.
Alongside the 2021 predictions, it is also interesting to look back at the Kaspersky experts' APT predictions for 2020.
More on this at SecureList from Kaspersky.com
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/